VocaReader App Logo

Welcome to VocaReader!

Login
LegalPrivacy Policy

Privacy Policy

This is a translation of the German Privacy Policy. In case of discrepancies, the German version prevails.

1. Controller

The data controller responsible for the processing of personal data in connection with VocaReader is:

Tobias Jahn

Niederbottigenweg 91

3018 Bern

Switzerland

vocaby.reader@gmail.com

+41 76 22 66 149

For any questions regarding data protection, please contact me directly using the details above.

2. Scope

This Privacy Policy applies to the iOS and Android app VocaReader as well as to the website and APIs hosted on eduquent.com and its subdomains. I reserve the right to publish separate data protection notices for individual subdomains, which will then take precedence.

3. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights. To exercise them, please contact me at the address above.

  • Right of access (Art. 15 GDPR) – the right to obtain a copy of your personal data and information about how it is processed.
  • Right to rectification (Art. 16 GDPR) – the right to have inaccurate personal data corrected.
  • Right to erasure (Art. 17 GDPR) – the right to have your personal data deleted, subject to legal retention obligations.
  • Right to restriction of processing (Art. 18 GDPR) – the right to request that processing of your data be restricted.
  • Right to data portability (Art. 20 GDPR) – the right to receive your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR) – the right to object to processing based on legitimate interests.
  • Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint (Art. 77 GDPR) – you have the right to lodge a complaint with a data protection supervisory authority at any time if you believe that the processing of your personal data violates the GDPR.

4. Data Processing

4.1 Account and Login

You can use VocaReader without creating an account. In that case, Firebase Authentication creates an anonymous session token solely to enable app functionality on your device. No personal data is associated with this token.

If you choose to create an account, login is handled via Google Sign-In or Sign in with Apple, both processed through Firebase Authentication (Google LLC). I only request the minimum data necessary to identify your account: name and email address as provided by the respective sign-in provider. This data is stored securely and used exclusively to identify you and provide my services, such as syncing your reading progress across devices.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Firebase is a service of Google LLC. For more information, see Google's Privacy Policy at policies.google.com/privacy. For Apple's privacy policy, see apple.com/legal/privacy.

4.2 Flashcard Generation (AI Services)

When you use the flashcard generation feature, VocaReader sends short text excerpts from the passage you are reading to an external AI service (currently OpenAI, LLC or Anthropic, PBC) in order to generate vocabulary flashcards. These excerpts contain only the selected literary text and no personal data. I do not transmit your name, email address, or any other identifying information to these services.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract / provision of the requested feature).

For further information, see OpenAI's Privacy Policy at openai.com/policies/privacy-policy and Anthropic's Privacy Policy at anthropic.com/privacy.

4.3 Contact Requests

If you contact me by email or telephone, your enquiry including any personal data it contains (name, phone number, message content) is stored and processed solely for the purpose of handling your request. I retain this data until you request deletion, withdraw your consent, or the purpose of storage no longer applies. I do not share this data with third parties without your consent.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries).

4.4 External Links

This website may contain links to external sites. This Privacy Policy does not apply to those sites. I endeavour to link only to sites that comply with applicable data protection standards, but I have no control over their content or practices. Please refer to the respective third party's privacy policy.

4.5 Crash Reporting (optional)

If you opt in via Settings, VocaReader uses Firebase Crashlytics (Google LLC) to send anonymous crash reports. These reports contain technical information such as device model, OS version, app version, and a stack trace. No personal data (name, email, or user ID) is included. Collection is disabled by default and can be toggled at any time in Settings → Privacy.

Legal basis: Art. 6(1)(a) GDPR (consent). You may withdraw consent at any time by disabling the toggle in Settings.

4.6 Server Logs

Access to the VocaReader backend servers is logged temporarily for the purposes of service provision, infrastructure optimisation, and security monitoring. IP addresses are only evaluated in the event of an attack on the infrastructure. Log data is retained for a maximum of one month and then deleted. The logged data includes:

  • The requested URL
  • The amount of data transferred
  • The IP address of the requesting device
  • The time of access
  • The client software (browser / operating system)

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable operation of the service).

5. Third-Party Providers and International Data Transfers

I use selected external service providers to operate VocaReader. Some of these providers are based outside the European Economic Area (EEA), in particular in the United States. For such transfers, I rely on appropriate safeguards to ensure an adequate level of data protection:

  • Netcup GmbH (Germany) – Hosting of this website and the VocaReader backend APIs. Data remains within the EEA.
  • Google LLC (USA) – Firebase Authentication, Firebase Crashlytics (crash reporting, only if opted in), and Google Play Store distribution. Google LLC participates in the EU-US Data Privacy Framework (DPF), providing an adequate level of data protection for transfers to the US (Art. 45 GDPR).
  • Apple Inc. (USA) – App Store distribution and Sign in with Apple. Apple Inc. participates in the EU-US Data Privacy Framework (DPF).
  • OpenAI, LLC / Anthropic, PBC (USA) – AI-assisted flashcard generation (non-personal text excerpts only). Transfers are based on Standard Contractual Clauses (Art. 46(2)(c) GDPR).

Unless required by law or court order, I will only share personal data with government agencies entitled to receive it.

6. Changes to this Policy

I reserve the right to update this Privacy Policy to reflect changes in the app, applicable law, or data processing practices. I recommend checking this page periodically for updates.

7. Contact

For questions about this Privacy Policy or your personal data, please contact me:

Tobias Jahn

Niederbottigenweg 91

3018 Bern

Switzerland

vocaby.reader@gmail.com

+41 76 22 66 149

Last updated: March 2026